About this blog:

This site began life in 2009 as a spinoff from PogoWasRight.org after the number of breaches in 2008 made me realize I needed a separate site just for breaches.

If you want to sponsor the site, email me at breaches[at]databreaches.net, and I’ll consider  your offer.  I know a lot of security firms love my site and check it every day, so consider throwing some money at it to help me keep it going or to offset the costs of running it.


Somewhat surprisingly, this site has no commercial sponsorship. That said, the author has consulting contracts with a few clients who are in fields related to topics covered on this site such as health insurance, EHR software development, and infosecurity. Those clients understand that their consulting contract with the author does not entitle them to any special treatment or consideration on this site.

About me:

I’m not a security professional.  I’m a licensed health care professional who is passionate about protecting privacy. I hope that exposing the scope and seriousness of breaches – large and small – will help inform policymaking and decisions about allocating resources to data security.

“You’ve Got it All Wrong! You’re So Unfair! You’re a Hacker!”

This site is a combination of news aggregation, investigative reporting, and commentary. You may disagree with my reporting or be offended by my opinions. If you think I’ve erred in my reporting, email and let me know what you think I got wrong. If you don’t like my commentary on a situation or on your handling of an incident, you’re free to send a statement for me to consider posting.

If you want to send me legal threats about my reporting or comments, knock yourself out, but don’t be surprised to see me report on your threat, any confidentiality sig blocks you may attach notwithstanding. I have been threatened with lawsuits many times, and to be blunt: there is NOTHING you can threaten me with that will scare me even 1/10th as much as the day both my kids got their driver’s licenses within 15 minutes of each other.

To contact me about this blog, email breaches[at]databreaches.net.  If you wish to use end-to-end encryption for email, use my breaches[at]protonmail.ch address.

This page last updated Nov. 28, 2018.